Splunk/SOC Tooling Specialist - 6-month contract (Inside IR35) - Hybrid, Central London

Posted 3 hours 49 minutes ago by Futureheads

Contract
London, United Kingdom
Job Description

Overview: Senior Splunk (and broader SOC tooling) SME to own platform health, ingestion and use-case development while managing tooling operations and supporting the SOC team. 

Key responsibilities

  • Operate and optimise Splunk deployments, ingestion pipelines and dashboards.

  • Build, test and tune detection use cases and alert content; reduce false positives.

  • Manage integration and operational support for other SOC tools (Darktrace, SOAR, EDR).

  • Provide day-to-day support to SOC analysts and run regular knowledge-transfer/mentoring sessions.

  • Own platform maintenance windows, capacity planning and incident support for tooling outages.

  • Drive platform upgrades, data onboarding and documentation for runbooks and handovers.

Must have

  • Strong Splunk experience (SPL, searches, dashboards, data onboarding and optimisation).

  • Experience operating SOC tooling in a 24x7 environment and supporting analyst teams.

Nice to have

  • Experience with Darktrace, SOAR tooling and cloud log sources; demonstrated ability to coach junior engineers.